Master Thesis: Privacy Risks in Time-Series Models
AI Sweden is now looking for master thesis student(s) to further strengthen the LeakPro team.
Artificial intelligence is transforming society. AI Sweden is the national centre for applied artificial intelligence, jointly funded by the Swedish government and our partners, both public and private. Our mission is to accelerate the use of AI for the benefit of our society, our competitiveness, and for everyone living in Sweden.
We are now looking for master thesis student(s) to further strengthen our LeakPro team.
Introduction
In recent years, the application of machine learning models to analyze time series data has seen rapid growth across numerous industries, including finance, healthcare, energy, and the Internet of Things (IoT) [5]. However, as the use of these models becomes increasingly widespread, concerns regarding the privacy and security of the underlying data have intensified.
One particular privacy threat that has gained attention is the risk of membership inference attacks (MIAs) [2]. These attacks allow adversaries to determine whether a specific data point was part of a machine learning model’s training set. Such a capability can have serious consequences, especially when dealing with sensitive information such as financial transactions, medical histories, or proprietary business data. If adversaries can exploit these vulnerabilities, they may expose private information about individuals or gain insights into confidential datasets, thereby posing significant legal and ethical challenges.
While much research has been conducted on membership inference attacks in domains like image classification and natural language processing, the vulnerability of time series-based models to these attacks has only been considered in a few works [4, 3]. Time series data has unique properties, such as temporal dependencies and correlations, that could potentially influence the efficacy and nature of MIAs. Given the increasing reliance on machine learning models to process time series data in critical applications, it is essential to investigate the extent to which such models are susceptible to MIAs.
Project Background
AI Sweden is leading a project to develop an open-source privacy auditing tool called LeakPro, designed to assess information leakage risks in machine learning models. This initiative, undertaken in collaboration with RISE, Sahlgrenska, Region Halland, AstraZeneca, Syndata, and Scaleout, aims to evaluate the risk of sensitive information disclosure when models trained on confidential data are made publicly available. LeakPro supports a variety of data types, including images, tabular data, and graph structures. The overarching goal of this thesis is to pave the road towards adding time-series to this list.
In a MIA, the adversary is assumed to have access to a trained model, denoted by θ, and a data sample x, which is drawn from the same distribution as the unknown training data. The adversary’s objective is to devise an algorithm A(θ, x) → {0, 1}, where the binary output indicates whether the data sample x was part of the model’s training set or not.
In the context of time series forecasting, each training sample consists of an $M$-dimensional numerical sequence of length $T$, represented as $x = [x_1, \dots, x_T] \in \mathbb{R}^{M \times T}$. The forecasting model is tasked with predicting $H$ data points into the future, i.e., $x_p = [x_{T+1}, \dots, x_{T+H}] \in \mathbb{R}^{M \times H}$.
The adversary strives to exploit the model’s predictions, $x_p$, to generate signals that feed into their attack algorithm. Indeed, a recent study demonstrated that adversaries could enhance their attacks by generating signals based on the estimation of trends and seasonal variability in the time series data [4]. Understanding and analyzing how similar signals can be used in membership inference attacks will be a central focus of this thesis.
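The setting above can be made concrete with a small leakage audit. The sketch below is an added example, not part of the original posting and not LeakPro code. It assumes a linear least-squares forecaster as a stand-in for the model θ, synthetic sinusoidal series as data, and per-sample forecast error as the membership signal, and it reports how well that signal separates training series from held-out ones (AUC of 0.5 means no measurable leakage).

```python
import numpy as np

def make_series(n, M=2, T=24, H=6, seed=0):
    """Constructed data: n noisy sinusoids, split into history x (M,T) and future x_p (M,H)."""
    rng = np.random.default_rng(seed)
    t = np.arange(T + H)
    freq = rng.uniform(0.2, 0.6, size=(n, M, 1))
    phase = rng.uniform(0, 2 * np.pi, size=(n, M, 1))
    s = np.sin(freq * t + phase) + 0.3 * rng.normal(size=(n, M, T + H))
    return s[:, :, :T], s[:, :, T:]

def fit_forecaster(x, xp):
    """Stand-in model theta (assumption): linear map from flattened history to horizon."""
    X, Y = x.reshape(len(x), -1), xp.reshape(len(xp), -1)
    theta, *_ = np.linalg.lstsq(X, Y, rcond=None)  # min-norm fit; interpolates if n < M*T
    return theta

def membership_signal(theta, x, xp):
    """Per-sample forecast MSE; a low error suggests the sample was trained on."""
    pred = x.reshape(len(x), -1) @ theta
    return ((pred - xp.reshape(len(xp), -1)) ** 2).mean(axis=1)

def attack_auc(member_err, nonmember_err):
    """Probability that a random member has lower error than a random non-member."""
    m, n = member_err[:, None], nonmember_err[None, :]
    return float((m < n).mean() + 0.5 * (m == n).mean())

def audit(n_train, n_holdout=500, seed=0):
    """Train on n_train series, then score members against fresh held-out series."""
    x_in, y_in = make_series(n_train, seed=seed)
    x_out, y_out = make_series(n_holdout, seed=seed + 1)
    theta = fit_forecaster(x_in, y_in)
    return attack_auc(membership_signal(theta, x_in, y_in),
                      membership_signal(theta, x_out, y_out))

if __name__ == "__main__":
    # Fewer series than input features (40 < M*T = 48): the model memorises its training set.
    print("AUC with 40 training series:  ", audit(40))
    # Many more series than features: train and held-out errors are nearly indistinguishable.
    print("AUC with 2000 training series:", audit(2000))
```

The gap between the two AUC values shows why an audit has to be run against the trained model itself: the same architecture and data distribution leak heavily or hardly at all depending on how much the model memorises.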
Outline
The objectives of this project are to analyze the vulnerability of time-series models to membership inference attacks and to explore various techniques for conducting membership inference in the context of time series data. Although research is still early, there are works that may serve as initial inspiration [3, 6, 8]. The objectives of the project are outlined below.
1. Literature study of MIA with emphasis on time-series-based models: The goals of this part are to i) summarize existing research on membership inference attacks and their implications for time series models, ii) identify relevant membership inference attacks and settings, and iii) identify relevant benchmark datasets. Finally, the problem should be framed into the privacy-game framework of [7].
2. Implementation and evaluation of benchmark methods: From the literature study, formulate a benchmark suite involving a threat model, dataset(s), and relevant models.
3. Enhanced Membership Inference Attacks: Based on the literature survey and the benchmark suite, we shall next attempt to improve on the current state of the art by incorporating knowledge from attacks on other modalities (7+ experts are actively working on this within LeakPro).
If time permits and the student is interested, there is also an opportunity to contribute to the open-source platform LeakPro that is currently under development [1]. For this, several contributions are interesting, e.g., a taxonomy of membership inference attacks on time-series-based models and what components are important, similarities between these attacks and attacks on other modalities, and/or implementation of the benchmarks/novel attacks into LeakPro.
Contact
Johan Östman: johan.ostman@ai.se
Fazeleh Hoseini: fazeleh.hoseini@ai.se
References
[1] AI Sweden et al. LeakPro: Leakage profiling and risk oversight of machine learning models. https://github.com/aidotse/LeakPro.
[2] Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramer. Membership inference attacks from first principles. In IEEE Symposium on Security and Privacy (SP), 2022.
[3] Sorami Hisamoto, Matt Post, and Kevin Duh. Membership inference attacks on sequence-to-sequence models: Is my data in your machine translation system? Transactions of the Association for Computational Linguistics, 8, 2020.
[4] Noam Koren, Abigail Goldsteen, Ariel Farkash, and Guy Amit. Membership inference attacks against time-series models. arXiv preprint arXiv:2407.02870, 2024.
[5] Bryan Lim and Stefan Zohren. Time-series forecasting with deep learning: a survey. Philosophical Transactions of the Royal Society A, 379(2194), 2021.
[6] Apostolos Pyrgelis, Carmela Troncoso, and Emiliano De Cristofaro. Knock knock, who’s there? membership inference on aggregate location data. arXiv:1708.06145, 2017.
[7] Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, and Santiago Zanella-Béguelin. SoK: Let the privacy games begin! A unified treatment of data inference privacy in machine learning. In IEEE Symposium on Security and Privacy (SP), 2023.
[8] Antonin Voyez, Tristan Allard, Gildas Avoine, Pierre Cauchois, Elisa Fromont, and Matthieu Simonin. Membership Inference Attacks on Aggregated Time Series with Linear Programming. In International Conference on Security and Cryptography, 2022.
Application closes November 10th. You can apply to this thesis alone or as a pair of students. The LeakPro team is mostly located in Gothenburg but remote work is okay.
AI Sweden does not accept unsolicited support and kindly asks not to be contacted by any advertisement agents, recruitment agencies or manning companies.
- Locations
- Flexible location, Sweden